E-mails of the type: “This account was infected! Change the password this time!”

Some users have recently received e-mails in their inbox that appear to have been sent by themselves and that claim their account has been “hacked”.
Such messages have been circulating on servers in bulk for the past couple of months. They are phishing/spam messages.
In reality, examining the message headers shows that these e-mails were sent from a third-party server, and not with the customer's own credentials but from various, changing external e-mail addresses.
We have trained our mail servers to remove such messages, but because the wording and the original senders/servers vary, some of them may still get through to the customer's mailbox. If you receive a message with similar content, whether in English or in Estonian (as a rule with poor or broken wording), you should ignore it!
Riigi Infosüsteemide Amet (the Estonian Information System Authority) also wrote about the same topic back in January 2019: https://www.ria.ee/et/uudised/olukord-kuberruumis-jaanuar-2019.html

What can you do to stop receiving such e-mails?
If your e-mail is hosted with us:
1. Check whether the SpamAssassin service is enabled in your cPanel account under EMAIL -> Spam Filters
2. If it is, we recommend also activating the SpamBox service on the same page
3. In the domain's SPF record (under DOMAINS -> Zone editor -> select the domain -> the TXT record that begins with spf), replace ~all with -all!
4. If the domain has no SPF, you should add SPF, DKIM and DMARC rules.
(SpamAssassin has accordingly added the rules BITCOIN_EXTORT_01 and BITCOIN_SPAM_02 to block such messages)
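
The header check described above and the effect of step 3, as an added example that is not part of the original post: it reads the headers of a self-addressed message and reports the real sending host and the SPF result the receiving server recorded (a `~all` record yields `softfail`, a `-all` record yields `fail`). The sample message, example.ee, mailer.example.net and 203.0.113.45 are constructed placeholders, and it is assumed that the receiving server writes an Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): example.ee, mailer.example.net
# and 203.0.113.45 are placeholders.
SAMPLE = (
    "Return-Path: <user@example.ee>\n"
    "Authentication-Results: mx.example.ee; spf=softfail smtp.mailfrom=example.ee\n"
    "Received: from mailer.example.net (unknown [203.0.113.45])\n"
    "\tby mx.example.ee with ESMTP; Mon, 04 Mar 2019 10:12:01 +0200\n"
    "From: user@example.ee\n"
    "To: user@example.ee\n"
    "Subject: user\n"
    "\n"
    "This account was infected! Change the password this time!\n"
)

def addr(value):
    """Return the bare lower-cased address from a header value."""
    return parseaddr(value or "")[1].lower()

def analyse(raw):
    msg = message_from_string(raw)
    sender, rcpt, envelope = addr(msg["From"]), addr(msg["To"]), addr(msg["Return-Path"])
    # The topmost Received header is the one written by the receiving server.
    top = (msg.get_all("Received") or [""])[0]
    hop = re.search(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\]", top, re.S)
    spf = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    return {
        "self_addressed": bool(sender) and sender == rcpt,
        "envelope_matches_from": envelope == sender,
        "sending_host": hop.group(1) if hop else None,
        "sending_ip": hop.group(2) if hop else None,
        "spf": spf.group(1).lower() if spf else "none",
    }

def verdict(info):
    """Flag self-addressed mail that SPF did not pass, or whose envelope differs."""
    if info["self_addressed"] and info["spf"] in ("fail", "softfail"):
        return "spoofed: SPF %s from %s" % (info["spf"], info["sending_ip"])
    if info["self_addressed"] and not info["envelope_matches_from"]:
        return "suspicious: envelope sender differs from From"
    return "no spoofing indicator"

if __name__ == "__main__":
    print(analyse(SAMPLE))
    print(verdict(analyse(SAMPLE)))
```

The second branch covers the case where the envelope sender is an external address: SPF is then evaluated for that external domain, which is why step 4 lists DKIM and DMARC alongside SPF.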

Sample e-mail:

To: Usermailboxname@userdomain.tld
From: Usermailboxname@userdomain.tld
Subject: Usermailboxname

Message:
This account was infected! Change the password this time!
You do not know anything about me and you really are probably interested for what reason you’re getting this message, proper?
I’m hacker who opened your emailand digital devicesseveral months ago.
It will be a time wasting to try to contact me or find me, it is definitely not possible, because I directed you an email from YOUR own hacked account.
I build in spyware to the adult videos (porno) site and suppose you enjoyed this website to have some fun (you realize what I really mean).
While you were watching these “great” vids, your browser started out functioning like a RDP (Remote Control) that have a keylogger which gave me ability to access your display and webcam.
Afterward, my program got all info.
You have wrote passcodes on the websites you visited, and I intercepted them.
Surely, it’s possible to change them, or have already changed them.
Even so it does not matter, my app renews information every 5 minutes.
And what did I do?
I compiled a backup of every your device. Of all files and contact lists.
I created a dual-screen record. The first part shows the clip that you were watching (you’ve the perfect preferences, haha…), and the 2nd part presents the recording from your webcam.
What actually should you do?
Good, I think, 1000 USD is basically a fair price for our little secret. You’ll make the deposit by bitcoins (if you do not understand this, search “how to purchase bitcoin” in any search engine).
My bitcoin wallet address:
1PXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
(It is cAsE sensitive, so copy and paste it).
Attention:
You have 2 days in order to make the payment. (I put an unique pixel in this e-mail, and at this point I know that you have read through this email).
To track the reading of a messageand the activityin it, I use a Facebook pixel. Thanks to them. (The stuff that can be used for the authorities should helpus.)

In the event I do not get bitcoins, I will immediately give your video file to each of your contacts, along with family members, colleagues, etc?
